UPDATED 23:36 EST / SEPTEMBER 20 2017

You can’t make this up: Equifax directs hacked customers to fake security site

In a bizarre turn of events, consumer credit reporting agency Equifax Inc. has publicly suggested that those affected by its huge hack should visit a fake site for further information.

The recommendation to visit the fake site came via a series of tweets on the official Equifax Twitter account. The tweets directed those affected to the fake site instead of to the official Equifax site set up specifically to help concerned consumers, Equifaxsecurity2017.com.

According to reports, the tweets directed customers to securityequifax2017.com, a site that mocks the ineptitude of Equifax for “using a domain that’s so easily impersonated by phishing sites.” Some sites are claiming that the fake site itself was a phishing site — Google alerts Chrome users that it is — but according to The Verge, the fake site itself was set up by full-stack developer Nick Sweeting to “expose vulnerabilities that existed in Equifax’s response page.”

“I made the site because Equifax made a huge mistake by using a domain that doesn’t have any trust attached to it [as opposed to hosting it on equifax.com],” Sweeting said. “It makes it ridiculously easy for scammers to come in and build clones — they can buy up dozens of domains, and typo-squat to get people to type in their info.”

Regardless of the intent, the mere fact that Equifax was publicly tweeting links to a fake site adds to an ongoing story that would make Shakespeare’s “Comedy of Errors” look like a tragedy. Starting with the breach itself, it has since been revealed that Equifax knew of the breach for months but failed to disclose it; that Equifax suffered an earlier hack in March which it also failed to disclose; that executives at the company used simplistic passwords on their accounts; and that some of the same executives also sold stock in the company prior to disclosing the hack, leading to a criminal investigation.

“The catastrophic breach of Equifax’s systems was inevitable because of systemic organizational disregard for cybersecurity and cyber-hygiene best practices, as well as Equifax’s reliance on unqualified executives for information security,” James Scott, a senior fellow at the Institute for Critical Infrastructure Technology, told SiliconANGLE.

Image: flickrhurst/Flickr
